Facebook offers to send you encrypted emails. This won’t help you.

Facebook announced today that the company will let users upload their OpenPGP public keys to the site. This way, the company can encrypt the emails that it sends to its users.

Here's laughing at you, babe.

When one of the world’s most-visited websites adds encryption capabilities, that’s normally a cause for applause. But on second thought, there’s very little here that makes Facebook’s users better off.

This change does nothing to protect you from Facebook’s surveillance. The site’s working principle is to maximise the amount of data it sucks in about its users. And it’s not just the site: Through its ubiquitous “Like” buttons and similar tools, Facebook follows you wherever you go on the web, and builds up a detailed profile of your behaviour.

The company then does with its users what the banks did in the years leading up to the 2008 financial crisis: Slice them into ever-finer demographics, parcel them up, and sell them to advertisers. Whether they send their emails to you encrypted, in plain text, by coach or by carrier pigeon doesn’t make any difference.

Adding encryption to the channel between you and Facebook also does very little to protect you from government surveillance. While state actors, and other people tapping your line, might not be able to read the contents of the messages, they have full access to the subject line and the metadata (who sent the message, who received it, when, and so forth). If the US government is in any way interested in what you’re doing on the site, they only need to ask. The same goes for any other government with which, in order to be allowed to operate, Facebook has cut a deal to rat out its users, such as China.
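To make the point about the subject line and metadata concrete, here is an added example (not part of the original post, and not Facebook's code): it parses a PGP/MIME message the way a mail provider or anyone tapping the line could, and reports what is readable without the private key. The sample message, its addresses, subject and date, and the name `observer_view` are constructed for illustration.

```python
from email import message_from_string

# Constructed sample of an RFC 3156 (PGP/MIME) notification as stored by a
# mail provider. Addresses, subject, date and body are placeholders.
SAMPLE = """\
From: Notifier <notify@social.example>
To: alice@mail.example
Subject: Bob commented on your photo
Date: Mon, 01 Jun 2015 12:00:00 +0000
Message-ID: <constructed-1@social.example>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

# Envelope headers that OpenPGP message encryption leaves in the clear.
CLEARTEXT_HEADERS = ("From", "To", "Subject", "Date", "Message-ID")


def observer_view(raw):
    """Return what a party without the private key learns from a message."""
    msg = message_from_string(raw)
    encrypted = (
        msg.get_content_type() == "multipart/encrypted"
        and msg.get_param("protocol") == "application/pgp-encrypted"
    )
    view = {h: msg[h] for h in CLEARTEXT_HEADERS if msg[h] is not None}
    parts = msg.get_payload() if msg.is_multipart() else []
    view["body_readable"] = not encrypted
    # The ciphertext part is opaque, but its size is still observable.
    view["ciphertext_chars"] = (
        len(parts[1].get_payload()) if encrypted and len(parts) == 2 else 0
    )
    return view


if __name__ == "__main__":
    for key, value in observer_view(SAMPLE).items():
        print(f"{key}: {value}")
```
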

This step doesn’t even really have the benefit of getting more people to use end-to-end encryption. I’d be very surprised if anyone decided to start using GnuPG or similar tools because of this; Facebook provides no real motivation to do so.

The only benefit for users from this step is that things like password reset messages are now better protected from interception. This will somewhat reduce the risk of identity theft via Facebook, though of course it won’t prevent it from happening. Still, this may somewhat reduce disruptions to Facebook’s business. If we let the company get away with it, they might even succeed with their message of “we’re using crypto, so we’re the good guys”.

This isn’t a step to make you better off. It’s a step to make Facebook better off.

Comments

There are 6 comments

Steve Butler

1389 days ago

It does address the phishing problem to a limited degree in that you can check the signature on the email that looks like it came from Facebook and verify whether it really did. Others could encrypt email to you using your PK. Only Facebook could originate an email that is signed by their SK. [Provided they protect their SK and don't publish it!]

You’re missing one important point, the one that Facebook actually explains: it protects the content of the messages you receive from them. These are not only password reset mails, also content from other users, which was available as plain text to your mail providers and people having access to your mail account. Meaning it gets more interesting for advertisers to go to Facebook instead of your mail provider. If I’m not mistaken, they add in the subject line part of your social graph (User X posted Y), which will still be available for mail providers.

There’s an indirect benefit: every highly visible service that visibly supports encryption makes encryption seem more normal. At some point a person may look around and say to himself: “huh, all my neighbors have locks on their doors — maybe I should get one.” And one big problem with the uptake of encrypted comms is that you need for the other guy to have it too, to make it work. It’s going to take a long time to make privacy the default, but every little bit helps.

This article wields the classical straw-man argument: Facebook makes money out of user data and exposes them to government surveillance, and because encryption does not do away with that, it has no real value.

What is interesting about this is that Facebook itself never claimed such a thing. The central reason behind PGP encryption is clearly stated in their roll-out message: “whilst Facebook seeks to secure connections to your email provider … the stored content of those messages may be accessible … to anyone who accesses your email provider or email account.” That *is* a valid concern — there is no mention of user tracking or government surveillance.

You are acknowledging as much, saying that “this will somewhat reduce the risk of identity theft via Facebook, though of course it won’t prevent it from happening.” So in essence you’re saying any security measure that is not 100% foolproof is not worth doing at all? Congratulations to a black-and-white philosophy that in IT security will get you exactly nowhere. I would rather think PGP-encrypted password recovery e-mails are a very strong measure against identity theft.

But the important point is that a platform with a user base of some *one* *billion* people now publicly advertises the use of strong end-to-end cryptography. So many people will hear the word PGP for the first time, and all those people who want to get encrypted notifications will then get all the tools to send encrypted e-mails themselves — no further hurdle. I can’t think of another evangelist programme with such an outreach. Ironically, this outreach indeed *does* hinder government surveillance!

Invoking Godwin’s law: just because Adolf Hitler built highways, he wasn’t a better guy. But that does not make highways less useful.
Facebook (which is BTW of course not akin to Hitler) isn’t a better company, but that is completely beside the point: the internet community is indeed “better off” by the roll-out of PGP encryption.

Reality often cannot be separated into a white and a black bin. That is a lesson I’m not sure you’ve learned.

I’m inclined to agree with the other commentators. While I personally don’t use Facebook and don’t really know much about the exact content of the e-mail messages they’re sending out or what information is present in the header vs. body of the mail, encrypting this information on the way from the Facebook mail server to my computer still protects the information from at least my own e-mail server provider (in case I don’t opt for self-hosting). Also you’d have to worry less about encryption between mail servers and between your computer and your mail server (especially the first one is still usually unauthenticated and therefore easily MITMed).